Lucene search

IBM2384BABEBFA605EA41072E90069E51DE6B31AD68C249A8081EC457EE42874C41

HistoryJun 25, 2018 - 5:54 a.m.

Security Bulletin: Multiple Security vulnerabilities have been identified in IBM Websphere Application Server and IBM Java shipped with IBM Security Access Manager for Enterprise Single Sign-On

2018-06-2505:54:54

www.ibm.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Summary

IBM Websphere Application Server is shipped as a component of IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM Websphere Application Server has been published in a security bulletin.

IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Potential cross-site scripting in the Admin Console for WebSphere Application Server (CVE-2016-8934) for vulnerability details and information about fixes.
Please consult the security bulletin Potential Information Disclosure in WebSphere Application Server (CVE-2016-9736) for vulnerability details and information about fixes.
Please consult the security bulletin Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Versions

| Affected Supporting Product and Version
—|—
ISAMESSO 8.2, 8.2.1, 8.2.2| IBM Websphere Application Server 7.0, 8.0 and 8.5
ISAMESSO 8.2, 8.2.1, 8.2.2| IBM® SDK, Java™ Technology Edition 1.7

Remediation/Fixes

None

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security access manager for enterprise single sign-oneq8.2
ibm security access manager for enterprise single sign-oneq8.2.1
ibm security access manager for enterprise single sign-oneq8.2.2

Name	Operator	Version
ibm security access manager for enterprise single sign-on	eq	8.2
ibm security access manager for enterprise single sign-on	eq	8.2.1
ibm security access manager for enterprise single sign-on	eq	8.2.2

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for 2384BABEBFA605EA41072E90069E51DE6B31AD68C249A8081EC457EE42874C41